IT, security execs need close cooperation to thwart attacks
Criminals are attracted to health records because of the financial return, says AHIMA’s Angela Rose.
Healthcare organizations are vulnerable to cyber attacks because there’s a ready market for complete health care records, says Angela Rose, director of HIM Practice Excellence at the American Health Information Management Association.
EHRs are full of information that enables criminals to commit fraud, and thus they fetch $60 on the open market, Rose said Monday in Las Vegas.
Citing research from KPMG during a session at the HIMSS Cybersecurity Symposium, Rose noted that while 81 percent of surveyed healthcare organizations have experienced some kind of cyber attack, only about half consider themselves ready enough to defend their organization against future attacks.
Other studies have found that the average breach costs $363 to mitigate per affected individual, and 40 percent of consumers say they would leave a healthcare organization that was hacked.
If an organization is to have an effective and proactive cybersecurity program, there must be a close working relationship between the top IT officers and privacy/security officers, Rose told attendees in a large and packed meeting hall.
Conducting a risk analysis annually is no longer sufficient—not even close, Rose asserted. “If your risk analysis is more than three months old, it’s out of date,” she added.
Further, education and training of employees must go much further than its present levels, she added. They need to better know how to use the privacy and security rules and who to contact to get questions answered—they need a hotline.
Privacy and security officers need to become more proactive and implement programs to assure that gaps in network monitoring are closed, Rose said. Among other issues, that includes accounting for all places that data resides and tracking employees access to records in an organization’s database.
EHRs are full of information that enables criminals to commit fraud, and thus they fetch $60 on the open market, Rose said Monday in Las Vegas.
Citing research from KPMG during a session at the HIMSS Cybersecurity Symposium, Rose noted that while 81 percent of surveyed healthcare organizations have experienced some kind of cyber attack, only about half consider themselves ready enough to defend their organization against future attacks.
Other studies have found that the average breach costs $363 to mitigate per affected individual, and 40 percent of consumers say they would leave a healthcare organization that was hacked.
If an organization is to have an effective and proactive cybersecurity program, there must be a close working relationship between the top IT officers and privacy/security officers, Rose told attendees in a large and packed meeting hall.
Conducting a risk analysis annually is no longer sufficient—not even close, Rose asserted. “If your risk analysis is more than three months old, it’s out of date,” she added.
Further, education and training of employees must go much further than its present levels, she added. They need to better know how to use the privacy and security rules and who to contact to get questions answered—they need a hotline.
Privacy and security officers need to become more proactive and implement programs to assure that gaps in network monitoring are closed, Rose said. Among other issues, that includes accounting for all places that data resides and tracking employees access to records in an organization’s database.
More for you
Loading data for hdm_tax_topic #care-team-experience...